dns: disable the use of search namespaces when using the c-ares resolver

api/envoy/config/bootstrap/v3/bootstrap.proto

@@ -9,6 +9,7 @@ import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/event_service_config.proto";
 import "envoy/config/core/v3/extension.proto";
+import "envoy/config/core/v3/resolver.proto";
 import "envoy/config/core/v3/socket_option.proto";
 import "envoy/config/listener/v3/listener.proto";
 import "envoy/config/metrics/v3/stats.proto";
@@ -39,7 +40,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // <config_overview_bootstrap>` for more detail.
 
 // Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
-// [#next-free-field: 30]
+// [#next-free-field: 31]
 message Bootstrap {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.bootstrap.v2.Bootstrap";
@@ -250,7 +251,16 @@ message Bootstrap {
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple' API only uses UDP for DNS resolution.
-  bool use_tcp_for_dns_lookups = 20;
+  // This field is deprecated in favor of *dns_resolution_config*
+  // which aggregates all of the DNS resolver configuration in a single message.
+  bool use_tcp_for_dns_lookups = 20
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // DNS resolution configuration which includes the underlying dns resolver addresses and options.
+  // This may be overridden on a per-cluster basis in cds_config, when
+  // :ref:`dns_resolution_config <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolution_config>`
+  // is specified.
+  core.v3.DnsResolutionConfig dns_resolution_config = 30;
 
   // Specifies optional bootstrap extensions to be instantiated at startup time.
   // Each item contains extension specific configuration.

api/envoy/config/cluster/v3/cluster.proto

@@ -11,6 +11,7 @@ import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/health_check.proto";
 import "envoy/config/core/v3/protocol.proto";
+import "envoy/config/core/v3/resolver.proto";
 import "envoy/config/endpoint/v3/endpoint.proto";
 import "envoy/type/v3/percent.proto";
 
@@ -42,7 +43,7 @@ message ClusterCollection {
 }
 
 // Configuration for a single upstream cluster.
-// [#next-free-field: 53]
+// [#next-free-field: 54]
 message Cluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
 
@@ -858,14 +859,22 @@ message Cluster {
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple's API only allows overriding DNS resolvers via system settings.
-  repeated core.v3.Address dns_resolvers = 18;
+  // This field is deprecated in favor of *dns_resolution_config*
+  // which aggregates all of the DNS resolver configuration in a single message.
+  repeated core.v3.Address dns_resolvers = 18
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // [#next-major-version: Reconcile DNS options in a single message.]
   // Always use TCP queries instead of UDP queries for DNS lookups.
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple' API only uses UDP for DNS resolution.
-  bool use_tcp_for_dns_lookups = 45;
+  // This field is deprecated in favor of *dns_resolution_config*
+  // which aggregates all of the DNS resolver configuration in a single message.
+  bool use_tcp_for_dns_lookups = 45
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // DNS resolution configuration which includes the underlying dns resolver addresses and options.
+  core.v3.DnsResolutionConfig dns_resolution_config = 53;
 
   // If specified, outlier detection will be enabled for this upstream cluster.
   // Each of the configuration values can be overridden via

api/envoy/config/core/v3/resolver.proto

@@ -14,11 +14,28 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Resolver]
 
-// DNS resolver configuration which includes the underlying dns resolver addresses and options.
-message DnsResolver {
-  // A list of dns resolver addresses
+// Configuration of DNS resolver option flags which control the behavior of the DNS resolver.
+message DnsResolverOptions {
+  // Use TCP for all DNS queries instead of the default protocol UDP.
+  // Setting this value causes failure if the
+  // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
+  // server startup. Apple's API only uses UDP for DNS resolution.
+  bool use_tcp_for_dns_lookups = 1;
+
+  // Do not use the default search domains; only query hostnames as-is or as aliases.
+  bool no_default_search_domain = 2;
+}
+
+// DNS resolution configuration which includes the underlying dns resolver addresses and options.
+message DnsResolutionConfig {
+  // A list of dns resolver addresses. If specified, the DNS client library will perform resolution
+  // via the underlying DNS resolvers. Otherwise, the default system resolvers
+  // (e.g., /etc/resolv.conf) will be used.
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple's API only allows overriding DNS resolvers via system settings.
   repeated Address resolvers = 1 [(validate.rules).repeated = {min_items: 1}];
+
+  // Configuration of DNS resolver option flags which control the behavior of the DNS resolver.
+  DnsResolverOptions dns_resolver_options = 2;
 }

api/envoy/extensions/common/dynamic_forward_proxy/v3/BUILD

@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/cluster/v3:pkg",
         "//envoy/config/common/dynamic_forward_proxy/v2alpha:pkg",
         "//envoy/config/core/v3:pkg",

api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto

@@ -8,6 +8,7 @@ import "envoy/config/core/v3/resolver.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -96,15 +97,15 @@ message DnsCacheConfig {
   // Envoy will use dns cache circuit breakers with default settings even if this value is not set.
   DnsCacheCircuitBreakers dns_cache_circuit_breaker = 7;
 
-  // [#next-major-version: Reconcile DNS options in a single message.]
   // Always use TCP queries instead of UDP queries for DNS lookups.
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple' API only uses UDP for DNS resolution.
-  bool use_tcp_for_dns_lookups = 8;
+  // This field is deprecated in favor of *dns_resolution_config*
+  // which aggregates all of the DNS resolver configuration in a single message.
+  bool use_tcp_for_dns_lookups = 8
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // DNS resolver configuration
-  // If specified, DNS cache will perform resolution via the underlying DNS resolvers.
-  // Otherwise, the default system resolvers (e.g., /etc/resolv.conf) will be used.
-  config.core.v3.DnsResolver dns_resolver = 9;
+  // DNS resolution configuration which includes the underlying dns resolver addresses and options.
+  config.core.v3.DnsResolutionConfig dns_resolution_config = 9;
 }